Understanding open ports is important for managing applications and securing your system. Open ports can allow communication between services, but they can also expose your system to threats. In this guide, we will explain how to check open ports and secure them in Linux using firewall rules and best practices.
How to Check Open Ports in Linux
There are several ways to check which ports are open and listening on your system.
1. Using netstat
netstat can display active ports and their associated services.
sudo netstat -tulnp
Here:
-t: Show TCP ports.
-u: Show UDP ports.
-l: Show listening ports.
-n: Show numerical addresses instead of resolving hostnames.
-p: Show process IDs and names (requires root to see processes owned by other users).
Sample Output:
tcp6 0 0 :::8006 :::* LISTEN 1826/pveproxy
tcp6 0 0 :::8080 :::* LISTEN 4744/syncthing
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1022/cupsd
[...]
Regularly check for unexpected open ports to detect unauthorized access:
sudo netstat -tulnp | grep LISTEN
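To turn the "check for unexpected ports" step into something repeatable, here is an added example (not part of the original article) that reads netstat -tulnp or ss -tulnp output and prints every listening socket whose port is not on an allowlist. The sample lines and the ALLOWED list are constructed for the demonstration; replace them with your host's own.

```shell
#!/bin/sh
# Added example (not from the original article): report listening ports that are
# not on an allowlist. Accepts the output of either `netstat -tulnp` or
# `ss -tulnp` on stdin; header lines are skipped automatically.

# Constructed sample in netstat -tulnp format, modelled on the output shown above.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 900/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1022/cupsd
tcp6 0 0 :::8006 :::* LISTEN 1826/pveproxy
tcp6 0 0 :::8080 :::* LISTEN 4744/syncthing
udp 0 0 0.0.0.0:68 0.0.0.0:* 1030/dhclient'

# Hypothetical allowlist: ports this host is expected to listen on.
ALLOWED="22 631 68"

# unexpected_ports "<space-separated ports>"
# Reads listener lines on stdin and prints "proto port process" for every
# socket whose local port is not in the allowlist.
unexpected_ports() {
    awk -v allow=" $1 " '
        # Only tcp/udp (and tcp6/udp6) rows; this drops the header lines.
        $1 ~ /^(tcp|udp)6?$/ {
            # netstat puts the local address in field 4 (field 2 is Recv-Q, a number);
            # ss puts the State (LISTEN/UNCONN) in field 2 and the address in field 5.
            f = ($2 ~ /^[A-Z]/) ? 5 : 4
            # The port is whatever follows the last colon, so IPv6 ":::8006" works too.
            n = split($f, a, ":")
            port = a[n]
            if (index(allow, " " port " ") == 0)
                print $1, port, $NF
        }'
}

# Run against the constructed sample; on a live host pipe the real command in:
#   sudo ss -tulnp | unexpected_ports "$ALLOWED"
printf '%s\n' "$SAMPLE" | unexpected_ports "$ALLOWED"
```

Run from cron and mail or log the output: an empty result means every listener is accounted for.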
2. Using ss (Recommended)
ss is a faster and more modern alternative to netstat.
sudo ss -tulnp
This command provides similar output but with improved performance.
3. Using lsof
lsof lists open files, including network sockets.
lsof -i -P -n
-i: Show network connections.
-P: Do not resolve port numbers to names.
-n: Do not resolve IP addresses to hostnames.
4. Using nmap (For Remote Scanning)
To check open ports on a remote system:
nmap -p- <IP-ADDRESS>
-p-: Scan all 65535 ports.
How to Secure Open Ports in Linux
1. Close Unnecessary Ports
If a service is not needed, disable it.
sudo systemctl stop <service>
sudo systemctl disable <service>
2. Use a Firewall
A firewall controls traffic by blocking or allowing ports.
Using ufw (for Ubuntu/Debian)
Allow specific ports:
sudo ufw allow 22/tcp
Deny specific ports:
sudo ufw deny 23/tcp
Enable firewall:
sudo ufw enable
Using firewalld (for RHEL-based systems)
Allow a port:
sudo firewall-cmd --add-port=22/tcp --permanent
sudo firewall-cmd --reload
Block a port (firewalld rejects traffic to any port not opened in the zone, so removing a previously allowed port blocks it again):
sudo firewall-cmd --remove-port=23/tcp --permanent
sudo firewall-cmd --reload
Using iptables
Allow SSH from a specific IP:
sudo iptables -A INPUT -p tcp --dport 22 -s <ALLOWED-IP> -j ACCEPT
Block all incoming traffic except SSH. Add the ACCEPT rules before switching the default policy to DROP, otherwise a remote session is cut off; the conntrack rule lets replies to the host's own outbound connections back in, and the loopback rule keeps local services such as cupsd reachable:
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -P INPUT DROP
Save firewall rules (the redirect must run as root, so wrap it in a root shell; the rules are not applied at boot unless you restore them with iptables-restore or a persistence package):
sudo sh -c 'iptables-save > /etc/iptables.rules'
3. Implement Port Knocking
Port knocking adds an extra layer of security by requiring a sequence of connection attempts before opening a port.
We will cover this topic in a separate article soon.
Conclusion
Checking and securing open ports is a fundamental practice in Linux system administration and DevOps. Regular monitoring and proper firewall configurations will help protect your system from threats.